I assume you're talking about the user requests regarding their data? Well, if the data is so anonymized that even the person can't prove who they are, then I'd say it falls in the provision that exempts anonymized data.
But in this case, I'm assuming the user must have a private key (for signing BAT transactions), so they could build a feature in the browser to sign messages using it.
The problem with signing transactions is basically then you can identify the browser history of the user. The BAT-ledger explains the principles of the transaction system
But in this case, I'm assuming the user must have a private key (for signing BAT transactions), so they could build a feature in the browser to sign messages using it.